HIPAA-compliant Text Messaging for Family Caregivers
By David S. Williams, Co-Founder & CEO, Care3.
I admit it. As a caregiver for my mother for ten years, I didn’t worry about the security and privacy of her health information, whether on phone calls, emails or text messaging. In fact, I’ve spoken to hundreds of families caring for aging parents or special needs children. Never has ANYONE expressed the urgency to protect their loved ones’ health information, especially when text messaging.
And why should they? The focus has to be on the care delivered. We as caregivers have to keep our loved ones well, nurse them back to health, get them better, right? We don’t have time to think about every piece of information that we share with family members and how we share it. We can barely get through our own lives, with jobs, family, and other responsibilities. Thinking about information management is yet another thing—and sounds exhausting!
But here’s the thing: disregarding the privacy and security of health information may actually have negative, unintended consequences. That is why it is so important to be careful how you share health information using mobile devices and apps.
Messaging is the #1 function used on mobile devices according to Pew Internet Research. We all know how to send texts, pictures, and other media using the popular messaging apps like iMessage, SMS, Facebook Messenger or WhatsApp just to name a few. But all of these apps have one MAJOR flaw:
NONE of them are safe or secure for healthcare conversations. None are “HIPAA-compliant.”
Wait, what? What does “secure for healthcare conversations” mean? How can these apps not be safe? The biggest names in technology are behind these apps: Apple, Google, Facebook. Don’t they know this?
Yes, in fact they do. It’s a conscious choice for them NOT to be secure for healthcare conversations.
What it means to be secure for healthcare conversations.
The US government has privacy standards for healthcare information transmission, transfer, and storage to protect patients’ personal health information (PHI). You may have heard of “HIPAA”, also known as “The Privacy Rule.”
The Health Information Portability and Accessibility Act regulates how healthcare providers are supposed to handle the PHI of patients. The Privacy Rule extends to providers and how they communicate with patients and families as well. And to repeat: NONE of the popular messaging apps meet this standard of security and privacy.
What qualifies as personal health information?
Medications (brands, generics, OTC, dosage, frequency, etc.)
Doctors (by name or type of doctor)
Treatments (medications, supplements, rehab exercises, activities of daily living)
So whenever you’re talking to family, friends, or your healthcare provider about your loved one, you’re likely sharing information that includes PHI. That sharing can have consequences if not done with an eye on security.
What Are The Risks?
We have now entered the age of hacking and information security is at the forefront of the national discussion in areas including national security, elections, cloud storage, and yes, healthcare.
In the past two years, Apple, Facebook, Yahoo, and other tech heavyweights have revealed that their systems have been hacked with millions of records being stolen. In healthcare, however, the privacy breaches tend to be personal in nature—like healthcare providers revealing the private health information of celebrities. Why? Because healthcare technology is held to a much higher standard of security.
Five Consequences of NOT Using a HIPAA-compliant Text Messaging App as a Family Caregiver
1. Discrimination. The main area people worry about is discrimination by employers or insurance companies. Employers could use PHI to find ways to terminate employment for your loved one under legal means, even if the health condition is the main reason. Losing one’s job can have devastating consequences for healthcare access and quality. Because health premiums are calculated by risk pools, people with diagnosed health conditions tend to pay higher monthly premiums for insurance coverage. It’s amazing that a small thing like sending a text message over unsecured apps could lead to such NEGATIVE outcomes. Don’t let it happen.
2. Outing your Loved One’s Condition. In sharing PHI with a trusted family member, you may inadvertently “out” your loved one’s information. How, you ask? Because the popular messaging apps do not have privacy protections that automatically log out users if they haven’t logged in for a period of time. That means if your family member loses their phone, anyone who recovers it can access your loved one’s PHI. Even if the person leaves the phone out and it is picked up by a friend of theirs and accessed, your loved one’s information could be accessed. This type of thing happens all the time and you should keep that in mind when having healthcare conversations on unprotected, unsecure apps.
3. Taking Away Your Loved One’s Right to Privacy. Privacy is a right that we are all guaranteed by the US Constitution. But if you’re sharing the PHI of a loved one over an unsecured app, you have in effect taken away their right to privacy. There are channels that you can use to transmit PHI securely. If you choose NOT to use these channels, you are taking away a fundamental right out of your personal convenience. That isn’t fair to your loved one. They trust you to care for them, so they trust you with their health information. Do not betray that trust.
4. Giving Away Your Right to Health Record Storage. The Privacy Rule not only ensures the security of your health information across electronic pathways, it also mandates that records be kept for six years. This means that your loved one has the right to storage of health information that can be used to help them in the future. If you’re not using a messaging app secure for healthcare, then you’re giving away your loved one’s right to health data storage. The popular messaging apps don’t retain your messages for more than a few months to a year. Don’t give away the right to data retention. It can save your loved one’s life—and potentially others.
5. Losing Valuable Data. If you’re having conversations about the health of loved ones on unsecured apps, the information your sharing isn’t transferrable to a health record. This means that healthcare professionals can’t use that information to design better treatment plans and protocols because they don’t know what is going on outside of their offices and facilities. With a HIPAA secure messaging app, many of the data are shareable to your loved one’s electronic health record (EHR). That is a major benefit of using apps secure for healthcare and a major lost opportunity when not using one.
Make sure you respect your loved one’s right to privacy and security. Respect YOUR OWN right to privacy as well. All of these issues apply to you and your healthcare as well. You wouldn’t want anyone in your family outing your personal business to others whether or not it was intended.